This invention relates generally to network communications, and more particularly but not exclusively, to managing network communications by selectively employing tunneled network connections based, in part, on a client configuration and the request.
Many of today's enterprises regularly use the Internet to remotely connect employees, business partners, and even customers to hosted resources. The benefits are significant, but not without risk. Unfortunately, the risks are growing.
In response to the growing risks of attacks, the potential for lawsuits, federal compliance requirements, and so forth, enterprises have spent millions to protect their digital resources. In particular, many enterprises have recognized that the first security barrier to their information systems is a strong security perimeter. While a security perimeter is designed to restrict improper flow of network traffic between networks, it may also block desirable network traffic flows. This may be particularly true where a client device resides on one side of the security perimeter and a resource server or another client resides on the other side of the security perimeter.
Some traditional solutions that have been implemented to enable communications across the security perimeter include Virtual Private Networks (VPNs), proxy servers, and reverse proxy servers. However, each of these solutions also brings with it problems that may limit its usefulness to an enterprise. For example, while traditional VPNs enable secure communications across the security perimeter, they often also require VPN software to be pre-installed on the remote client. This may require access rights or skills that an end-user of the device may not possess.
While traditional proxy servers may enable some communications through the security perimeter, many of today's applications and protocols do not support the use of proxy servers. For example, in the case of some browsers, some active components embedded within a web page may not function properly through the security perimeter using a proxy server. Reverse proxy servers may also create complications for communications through the security perimeter. For example, many implementations of reverse proxy servers may rewrite protocols and/or web content before sending the content through the security perimeter to the client. However, web pages that include client-side scripts, active components, or the like may be virtually impossible to rewrite, thereby limiting the use of reverse proxy servers. Therefore, there is a need in the industry for an improved mechanism to enable communications across a security perimeter. Thus, it is with respect to these considerations and others that the present invention has been made.